fix: add OpenClaw npm provenance metadata

[willkill07]

Overview

Fix the OpenClaw npm publish failure by declaring repository metadata that matches GitHub Actions provenance for the nemo-flow-openclaw package.

• I confirm this contribution is my own work, or I have the right to submit it under this project's license.
• I searched existing issues and open pull requests, and this does not duplicate existing work.

Details

• Added repository metadata to integrations/openclaw/package.json with the NVIDIA/NeMo-Flow source repository and OpenClaw workspace directory.
• Extended the OpenClaw pack payload check to require the provenance-sensitive repository URL and package directory before publish.
• Validated with npm run pack:check --workspace=nemo-flow-openclaw, uv run pre-commit run --files integrations/openclaw/package.json integrations/openclaw/scripts/check-pack-payload.mjs, and just --set ci true test-openclaw.
• uv run pre-commit run --all-files completed all remaining hooks except the unrelated local ty unresolved imports for deepagents.create_deep_agent and deepagents.backends in python/tests/integrations/deepagents/test_deepagents_integration.py.

Where should the reviewer start?

Start with integrations/openclaw/package.json, then check the new guard in integrations/openclaw/scripts/check-pack-payload.mjs.

Related Issues: (use one of the action keywords Closes / Fixes / Resolves / Relates to)

• Relates to: https://github.com/NVIDIA/NeMo-Flow/actions/runs/25895241662/job/76109056996

Summary by CodeRabbit

• Chores
  • Updated package metadata to properly reference the repository location.
  • Strengthened build validation to ensure package configuration consistency.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Enterprise

Run ID: 646a76c2-6228-40d2-9997-63c771b0b82f

📥 Commits

Reviewing files that changed from the base of the PR and between 681b3d7 and 816eb28.

📒 Files selected for processing (2)

• integrations/openclaw/package.json
• integrations/openclaw/scripts/check-pack-payload.mjs

📜 Recent review details

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Check / Run

🧰 Additional context used

📓 Path-based instructions (2)

**/{integrations,integration,*-integration}/**

📄 CodeRabbit inference engine (.agents/skills/contribute-integration/SKILL.md)

**/{integrations,integration,*-integration}/**: Keep NeMo Flow optional in framework integrations
Preserve the framework's original behavior when NeMo Flow is absent
Wrap tool and LLM paths at the correct framework boundary
Integration pattern must follow docs/integrate-frameworks/adding-scopes.md

Files:

• integrations/openclaw/scripts/check-pack-payload.mjs
• integrations/openclaw/package.json

integrations/openclaw/package.json

📄 CodeRabbit inference engine (.agents/skills/update-project-version/SKILL.md)

Keep integrations/openclaw/package.json version aligned with the workspace-root package-lock.json under packages["integrations/openclaw"].version

Files:

• integrations/openclaw/package.json

🔇 Additional comments (2)

integrations/openclaw/package.json (1)

6-10: LGTM!

integrations/openclaw/scripts/check-pack-payload.mjs (1)

91-98: LGTM!

---

Walkthrough

Package.json now declares repository metadata (Git type, NVIDIA/NeMo-Flow URL, integrations/openclaw directory). The pack-payload validation script enforces these fields with explicit assertions to catch mismatches during build checks.

Changes

Repository metadata declaration and validation

Layer / File(s)	Summary
Repository metadata declaration and validation integrations/openclaw/package.json, integrations/openclaw/scripts/check-pack-payload.mjs	Package.json adds repository field (Git type, GitHub URL, openclaw directory). Pack-payload script adds assertions validating repository.url and repository.directory match expected values; failures throw with specific error messages.

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	Title follows Conventional Commits format with 'fix' type, descriptive summary, and is 41 characters—well under the 72-character limit.
Description check	✅ Passed	Description includes all required template sections: Overview with confirmed checkboxes, detailed Changes, reviewer guidance, and related issues link.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint skipped: no ESLint configuration detected in root package.json. To enable, add eslint to devDependencies.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[willkill07]

/merge